Quantum-Safe Cryptography

Quantum Computing and the risk to security and privacy

The advent of large-scale quantum computing offers great promise to science and society, but brings with it a significant threat to our global information infrastructure. Public-key cryptography – widely used on the internet today – relies upon mathematical problems that are believed to be difficult to solve given the computational power available now and in the medium term.

However, popular cryptographic schemes based on these hard problems – including RSA and Elliptic Curve Cryptography – will be easily broken by a quantum computer. This will rapidly accelerate the obsolescence of our currently deployed security systems and will have dramatic impacts on any industry where information needs to be kept secure.

Quantum-safe cryptography refers to efforts to identify algorithms that are resistant to attacks by both classical and quantum computers, to keep information assets secure even after a large-scale quantum computer has been built.

What is at risk?

Without quantum-safe cryptography and security, all information that is transmitted on public channels now – or in the future – is vulnerable to eavesdropping. Even encrypted data that is safe against current adversaries can be stored for later decryption once a practical quantum computer becomes available. At the same time, it will no longer be possible to guarantee the integrity and authenticity of transmitted information, as tampered data will go undetected. From business, ethical, and legal perspectives, this would violate the regulatory requirements for data privacy and security that are in existence today.

Cryptanalysis and the standardization of cryptographic algorithms require significant time and effort for their security to be trusted by governments and industry. ETSI is taking a proactive approach to define the standards that will secure our information in the face of technological advance.

The ISG QSC was closed in early 2017 and its work has been transferred to ETSI TC Cyber WG QSC.

The ETSI Quantum-Safe Cryptography (QSC) ISG aimed to assess and make recommendations for quantum-safe cryptographic primitives and protocols, taking into consideration both the current state of academic cryptology and quantum algorithm research, as well as industrial requirements for real-world deployment. The ETSI QSC ISG sought to standardize the relevant algorithms, primitives, and risk management practices as needed to seamlessly preserve our global information security infrastructure.

This group considered the security properties of the proposed algorithms and protocols along with practical considerations, such as extensible security architectures and technology switching costs, which allow these recommendations to support a variety of industrial use cases. We aimed to make pragmatic comparisons and concrete characterisations and recommendations to assist the global technology community to select and deploy the best available quantum-safe alternatives.